Hmmm... what exactly are you wanting to do ?
Anti-spoofing is probably most important on the internal net,
so that internal addresses can't be spoofed.
It doesn't matter that external (internet) addresses are
spoofed - at least not to you, anyway !
I'd be interested to find out why you're trying to disable
this - if you find it's stopping something from working, then we should work on
that instead !
Tim
----- Original Message -----
Sent: 02 April 2001 19:48
Subject: [FW1] Turn off ip spoofing on
internal LAN
Hi
For some reasons I need to turn off the IP spoofing on my internal Nics in
Firewall Box, of course I'll keep IP spoofing on external Nic on the firewall
box! Meanwhile I will disallow traffic from DMZ to Localnet. Do you guys think
it's ok? By doing this do I run any potential security risk or not? The
condition is that no internal guy will be acted as a
hacker.
Thanks!
|